We have in the plans a massive, I mean from-the-ground-up massive, re-design of our systems, front facing and back end, that have been built upon over the last 10 years or so, with some new parts and some old.

Having said that, while QA teams are good, we want to go full on testing with these new systems as we get into pushing them closer to go live. I have limited knowledge when it comes to true security penetration testing, not much beyond OpenVAS and other tools.

I wanted to ask the Spiceheads, does anyone know of reputable and reliable security penetration companies that can do evaluations of one's systems, full on, not just scans and an automated list of what is weak and what is not, but a company that will actually try to get into systems and show the true weaknesses?

We are looking to do bi-weekly releases if things stay on track so it could be frequent testing to be run with each version release if there is significant code change between releases.

We will have numerous systems front facing to customer and want to be assured everything is as secure as it could be.

Martin2012, thanks for the added info. This process is still being planned out; right now it is more an idea I want to push out and get implemented, so the best way to do it is definitely something I am still researching.

Ideally we will be hiring 1-2 in house "experts" eventually to have on full time doing this, but to start we may need external providers since finding talent around here of this level is very hard.

System I.T, for security penetration testing I would recommend talking to Leidos. Their focus is end-to-end system security and they can offer evaluations of your plan with ongoing support. If you’re interested you can contact Gib Sorebo, a Chief Cybersecurity Technologist from Leidos at GILBERT.N.SOREBO@Leidos.com. If you have any questions about Leidos feel free to reach out, I’m here to help!